urlscan.io logo urlscan.io
SecurityTrails logo

www.billinformation.connect-xfinity.com Open in urlscan Pro
51.142.247.249  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
URL: https://www.billinformation.connect-xfinity.com/
Submission: On October 08 via automatic, source phishtank — Scanned from GB
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 6 IPs in 4 countries across 5 domains to perform 10 HTTP transactions. The main IP is 51.142.247.249, located in London, United Kingdom and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is www.billinformation.connect-xfinity.com.
TLS certificate: Issued by cPanel, Inc. Certification Authority on October 7th 2022. Valid for: 3 months.
This is the only time www.billinformation.connect-xfinity.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Xfinity (Consumer)

Domain & IP information

IP Address AS Autonomous System
3 51.142.247.249 8075 (MICROSOFT...)
2 2a02:26f0:710... 20940 (AKAMAI-ASN1)
1 2600:1f18:659... 14618 (AMAZON-AES)
1 2 34.249.157.182 16509 (AMAZON-02)
3 2a02:26f0:710... 20940 (AKAMAI-ASN1)
10 6
3    51.142.247.249 (London, United Kingdom)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
www.billinformation.connect-xfinity.com
2    2a02:26f0:7100::211:64a8 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
login.xfinity.com
1    2600:1f18:6593:f607:11a7:cf56:2b1f:dc6 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
7468.v.fwmrm.net
2    34.249.157.182 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-249-157-182.eu-west-1.compute.amazonaws.com
xfinitydigital.demdex.net
3    2a02:26f0:7100:1bc::30d4 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
static.cimcontent.net
Apex Domain
Subdomains		 Transfer
3 cimcontent.net
static.cimcontent.net — Cisco Umbrella Rank: 27679
80 KB
3 connect-xfinity.com
www.billinformation.connect-xfinity.com
8 KB
2 demdex.net
xfinitydigital.demdex.net — Cisco Umbrella Rank: 86829
2 KB
2 xfinity.com
login.xfinity.com — Cisco Umbrella Rank: 25210
10 KB
1 fwmrm.net
7468.v.fwmrm.net — Cisco Umbrella Rank: 75981
411 B
10 5
Domain Requested by
3 static.cimcontent.net login.xfinity.com
3 www.billinformation.connect-xfinity.com www.billinformation.connect-xfinity.com
2 xfinitydigital.demdex.net 1 redirects www.billinformation.connect-xfinity.com
2 login.xfinity.com www.billinformation.connect-xfinity.com
1 7468.v.fwmrm.net www.billinformation.connect-xfinity.com
10 5
Subject Issuer Validity Valid
billinformation.connect-xfinity.com
cPanel, Inc. Certification Authority		 2022-10-07 -
2023-01-05		 3 months crt.sh
login.xfinity.com
COMODO RSA Organization Validation Secure Server CA		 2021-11-17 -
2022-11-17		 a year crt.sh
*.v.fwmrm.net
DigiCert TLS RSA SHA256 2020 CA1		 2021-11-29 -
2022-12-30		 a year crt.sh
static.cimcontent.net
COMODO RSA Organization Validation Secure Server CA		 2022-04-06 -
2023-04-06		 a year crt.sh

This page contains 1 frames:

Primary Page: https://www.billinformation.connect-xfinity.com/
Frame ID: BD442F69CD6F0DC7E0F6EA17589FF896
Requests: 11 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Sign in to Xfinity

Detected technologies

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

10
Requests

90 %
HTTPS

60 %
IPv6

5
Domains

5
Subdomains

6
IPs

4
Countries

100 kB
Transfer

126 kB
Size

4
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 3
  • https://xfinitydigital.demdex.net/event?d_sid=4702129 HTTP 302
  • https://xfinitydigital.demdex.net/firstevent?d_sid=4702129

10 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
www.billinformation.connect-xfinity.com/ 		7 KB
8 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.billinformation.connect-xfinity.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
51.142.247.249 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Apache /
Resource Hash
edbf694902c966383912ffd45ba5fd7e838fc1104df970598832ca8b1c64cb98

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language
en-GB,en;q=0.9

Response headers

Cache-Control
no-store, no-cache, must-revalidate
Connection
Keep-Alive
Content-Type
text/html; charset=UTF-8
Date
Sat, 08 Oct 2022 14:11:09 GMT
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Keep-Alive
timeout=5, max=100
Pragma
no-cache
Server
Apache
Transfer-Encoding
chunked
fonts-remote.min.css
login.xfinity.com/static/css/junket/ 		3 KB
503 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://login.xfinity.com/static/css/junket/fonts-remote.min.css?v=c82b180
Requested by
Host: www.billinformation.connect-xfinity.com
URL: https://www.billinformation.connect-xfinity.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:7100::211:64a8 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Apache /
Resource Hash
032d8b49c68572a6136937e3f8f4fb10d94eefaf95418e557f44f1f04b715ba8
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains;

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.billinformation.connect-xfinity.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains;
content-encoding
gzip
date
Sat, 08 Oct 2022 14:11:10 GMT
last-modified
Wed, 28 Sep 2022 01:16:46 GMT
server
Apache
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=778
accept-ranges
bytes
content-length
307
expires
Sat, 08 Oct 2022 14:24:08 GMT
styles-stepped-out-light.min.css
login.xfinity.com/static/css/ 		35 KB
10 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://login.xfinity.com/static/css/styles-stepped-out-light.min.css?v=c82b180
Requested by
Host: www.billinformation.connect-xfinity.com
URL: https://www.billinformation.connect-xfinity.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:7100::211:64a8 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Apache /
Resource Hash
9bf52d4359863c9b52ac468ace80c32236e119666ed015d95ca760e01c0acd70
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains;

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.billinformation.connect-xfinity.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains;
content-encoding
gzip
date
Sat, 08 Oct 2022 14:11:10 GMT
last-modified
Wed, 28 Sep 2022 01:16:46 GMT
server
Apache
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=1718
accept-ranges
bytes
content-length
9711
expires
Sat, 08 Oct 2022 14:39:48 GMT
u
7468.v.fwmrm.net/ad/ 		0
411 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://7468.v.fwmrm.net/ad/u?mode=echo&cr=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D796%26dpuuid=%23%7Buser.id%7D
Requested by
Host: www.billinformation.connect-xfinity.com
URL: https://www.billinformation.connect-xfinity.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:6593:f607:11a7:cf56:2b1f:dc6 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.billinformation.connect-xfinity.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 08 Oct 2022 14:11:10 GMT
Content-Type
text/html
P3P
policyref="https://www.freewheel.tv/w3c/p3p.xml",CP="ALL DSP COR NID"
Cache-Control
no-store
Connection
keep-alive
Keep-Alive
timeout=300
Content-Length
0
Expires
0
firstevent
xfinitydigital.demdex.net/
Redirect Chain
  • https://xfinitydigital.demdex.net/event?d_sid=4702129
  • https://xfinitydigital.demdex.net/firstevent?d_sid=4702129
42 B
964 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://xfinitydigital.demdex.net/firstevent?d_sid=4702129
Requested by
Host: www.billinformation.connect-xfinity.com
URL: https://www.billinformation.connect-xfinity.com/
Protocol
HTTP/1.1
Server
34.249.157.182 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-249-157-182.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.billinformation.connect-xfinity.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

DCS
dcs-prod-irl1-1-v044-0a314749e.edge-irl1.demdex.com 3 ms
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-Content-Type-Options
nosniff
X-TID
EJxl9EDCQk4=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type
image/gif
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Length
59
Expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

DCS
dcs-prod-irl1-1-v044-063d3650f.edge-irl1.demdex.com 0 ms
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-TID
6P/Me+iCQks=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location
https://xfinitydigital.demdex.net/firstevent?d_sid=4702129
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 UTC
jquery-3.3.1.min.js
www.billinformation.connect-xfinity.com/static/js/libs/ 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
https://www.billinformation.connect-xfinity.com/static/js/libs/jquery-3.3.1.min.js
Requested by
Host: www.billinformation.connect-xfinity.com
URL: https://www.billinformation.connect-xfinity.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
51.142.247.249 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Apache /
Resource Hash

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.billinformation.connect-xfinity.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date
Sat, 08 Oct 2022 14:11:09 GMT
Server
Apache
Connection
Keep-Alive
Keep-Alive
timeout=5, max=99
Content-Length
315
Content-Type
text/html; charset=iso-8859-1
scripts-responsive.min.js
www.billinformation.connect-xfinity.com/static/js/ 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
https://www.billinformation.connect-xfinity.com/static/js/scripts-responsive.min.js?v=c82b180
Requested by
Host: www.billinformation.connect-xfinity.com
URL: https://www.billinformation.connect-xfinity.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
51.142.247.249 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Apache /
Resource Hash

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.billinformation.connect-xfinity.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date
Sat, 08 Oct 2022 14:11:09 GMT
Server
Apache
Connection
Keep-Alive
Keep-Alive
timeout=5, max=98
Content-Length
315
Content-Type
text/html; charset=iso-8859-1
truncated
/ 		933 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
4bd9c8ed57b1dd8fddcc2910170e9b81b40f7b628e272924e88a98f45ebb9aea

Request headers

accept-language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Content-Type
image/svg+xml
XfinityStandard-Regular.woff2
static.cimcontent.net/fonts/latest/Xfinity_Standard/ 		26 KB
26 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://static.cimcontent.net/fonts/latest/Xfinity_Standard/XfinityStandard-Regular.woff2
Requested by
Host: login.xfinity.com
URL: https://login.xfinity.com/static/css/junket/fonts-remote.min.css?v=c82b180
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:7100:1bc::30d4 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AmazonS3 /
Resource Hash
138c0ead0fbcd09dd455df9870920e8725b367fbf02ac0cef0c62874000ab176

Request headers

Referer
https://login.xfinity.com/
Origin
https://www.billinformation.connect-xfinity.com
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

x-amz-version-id
kLBQWhXkUwwuS0hOSKJ2GQ_XrNE.oQFF
date
Sat, 08 Oct 2022 14:11:10 GMT
last-modified
Fri, 24 Jan 2020 21:23:01 GMT
server
AmazonS3
x-amz-cf-pop
FRA56-C1
etag
"e3e79cd377b28c1e7ffea64b194136cf"
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=1555363
accept-ranges
bytes
content-length
26768
x-amz-cf-id
JDKyKm4Hf48Zz-JFyPDcMu6w_ykaOOojACvO127o26z756TTb6o2IA==
XfinityStandard-Medium.woff2
static.cimcontent.net/fonts/latest/Xfinity_Standard/ 		27 KB
27 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://static.cimcontent.net/fonts/latest/Xfinity_Standard/XfinityStandard-Medium.woff2
Requested by
Host: login.xfinity.com
URL: https://login.xfinity.com/static/css/junket/fonts-remote.min.css?v=c82b180
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:7100:1bc::30d4 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AmazonS3 /
Resource Hash
2a031939885bb7efba89d423c9ee7c0fe2bab465f18db63f40a9ae2bd7bc0228

Request headers

Referer
https://login.xfinity.com/
Origin
https://www.billinformation.connect-xfinity.com
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

x-amz-version-id
6t4RA2DS89tdf_2IK5vrc9JAOKCy9A40
date
Sat, 08 Oct 2022 14:11:10 GMT
last-modified
Fri, 24 Jan 2020 21:23:01 GMT
server
AmazonS3
x-amz-cf-pop
FRA56-C1
etag
"13709eac065721ba8cd0e2d1b6fa8026"
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=1896194
accept-ranges
bytes
content-length
27152
x-amz-cf-id
lB149XL1LOgO4oGREPXMaDJj-TlKmyMVrYHen04Qx-nVPg5Oa0rI-A==
XfinityStandard-Light.woff2
static.cimcontent.net/fonts/latest/Xfinity_Standard/ 		27 KB
27 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://static.cimcontent.net/fonts/latest/Xfinity_Standard/XfinityStandard-Light.woff2
Requested by
Host: login.xfinity.com
URL: https://login.xfinity.com/static/css/junket/fonts-remote.min.css?v=c82b180
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:7100:1bc::30d4 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AmazonS3 /
Resource Hash
fc6cd95261064c28600405c9c8dd51813abf8367e85b6e00f0f3031a8338988a

Request headers

Referer
https://login.xfinity.com/
Origin
https://www.billinformation.connect-xfinity.com
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

x-amz-version-id
wnCwOacXycelzt78IMkr55wWB9WkMd2W
date
Sat, 08 Oct 2022 14:11:10 GMT
last-modified
Fri, 24 Jan 2020 21:23:01 GMT
server
AmazonS3
x-amz-cf-pop
FRA56-C1
etag
"f05d3ebe80809d82ab14d62a79da544e"
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=1899766
accept-ranges
bytes
content-length
27420
x-amz-cf-id
MNeDAhL5l5l7xxtAXtTNzX44inJKYlRMS7UgT-HYNLVgtiuVmrTb7g==

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Xfinity (Consumer)

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforeinput object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation

4 Cookies

Domain/Path Name / Value
www.billinformation.connect-xfinity.com/ Name: PHPSESSID
Value: 38bc45393d641e3cbfcb346de546d693
.demdex.net/ Name: demdex
Value: 09480017297113284451649671180204615683
.xfinitydigital.demdex.net/ Name: xfinitydigital
Value: 09480017297113284451649671180204615683
.fwmrm.net/ Name: _uid
Value: "e9670_7152143909698341486"

2 Console Messages

Source Level URL
Text
network error URL: https://www.billinformation.connect-xfinity.com/static/js/libs/jquery-3.3.1.min.js
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)
network error URL: https://www.billinformation.connect-xfinity.com/static/js/scripts-responsive.min.js?v=c82b180
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)